diff options
| author | Alex Stapleton <alexs@prol.etari.at> | 2014-02-08 12:24:02 +0000 |
|---|---|---|
| committer | Alex Stapleton <alexs@prol.etari.at> | 2014-02-11 08:16:44 +0000 |
| commit | 8f2250fcfa477731a1a880a467b58198db8790aa (patch) | |
| tree | 588598007a395285afde2804fb2772c50868c8e0 /cryptography | |
| parent | ae17250910ef1bd660552ea0ba7d92020bde325b (diff) | |
| download | cryptography-8f2250fcfa477731a1a880a467b58198db8790aa.tar.gz cryptography-8f2250fcfa477731a1a880a467b58198db8790aa.tar.bz2 cryptography-8f2250fcfa477731a1a880a467b58198db8790aa.zip | |
Generate RSA Keys
Diffstat (limited to 'cryptography')
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 6da90cef..d8869328 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -20,7 +20,7 @@ from cryptography.exceptions import ( UnsupportedAlgorithm, InvalidTag, InternalError ) from cryptography.hazmat.backends.interfaces import ( - CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend + CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend ) from cryptography.hazmat.primitives import interfaces, hashes from cryptography.hazmat.primitives.ciphers.algorithms import ( @@ -30,12 +30,14 @@ from cryptography.hazmat.primitives.ciphers.modes import ( CBC, CTR, ECB, OFB, CFB, GCM, ) from cryptography.hazmat.bindings.openssl.binding import Binding +from cryptography.hazmat.primitives.asymmetric import rsa @utils.register_interface(CipherBackend) @utils.register_interface(HashBackend) @utils.register_interface(HMACBackend) @utils.register_interface(PBKDF2HMACBackend) +@utils.register_interface(RSABackend) class Backend(object): """ OpenSSL API binding interfaces. @@ -259,6 +261,46 @@ class Backend(object): ) ) + def _bn_to_int(self, bn): + hex_cdata = self._lib.BN_bn2hex(bn) + assert hex_cdata != self._ffi.NULL + hex_str = self._ffi.string(hex_cdata) + self._lib.OPENSSL_free(hex_cdata) + return int(hex_str, 16) + + def generate_rsa_private_key(self, public_exponent, key_size): + if public_exponent < 3: + raise ValueError("public_exponent must be >= 3") + + if public_exponent & 1 == 0: + raise ValueError("public_exponent must be odd") + + if key_size < 512: + raise ValueError("key_size must be at least 512-bits") + + ctx = backend._lib.RSA_new() + ctx = backend._ffi.gc(ctx, backend._lib.RSA_free) + + bn = backend._lib.BN_new() + assert bn != self._ffi.NULL + bn = backend._ffi.gc(bn, backend._lib.BN_free) + + res = backend._lib.BN_set_word(bn, public_exponent) + assert res == 1 + + res = backend._lib.RSA_generate_key_ex( + ctx, key_size, bn, backend._ffi.NULL + ) + assert res == 1 + + return rsa.RSAPrivateKey( + p=self._bn_to_int(ctx.p), + q=self._bn_to_int(ctx.q), + private_exponent=self._bn_to_int(ctx.d), + public_exponent=self._bn_to_int(ctx.e), + modulus=self._bn_to_int(ctx.n), + ) + class GetCipherByName(object): def __init__(self, fmt): |